Effective 1 January 2021, IMO requires cyber risk management to be incorporated into ship safety management systems. How does Dualog Cybersecurity help you comply?
There was a time when cybercrime was alien to the maritime industry. That time is long gone. Today, cybersecurity is key to ensuring safe operation of vessels and safeguarding people, cargo and the environment.
This is why the IMO has adopted Resolution MSC 428(98), which requires ship owners and managers to assess cyber risk and implement relevant measures across all functions of their safety management system.
To comply with the IMO rules, your shipping company must demonstrate that cyber risk management is an integral part of your vessel safety. And you must do it no later than the first Document of Compliance after 1 January 2021.
The deadline is quickly approaching – are you prepared?
Let’s see how Dualog’s range of cybersecurity solutions can help you ensure IMO compliance.
Dualog’s cybersecurity solutions address IMO requirements
The IMO resolution recommends a holistic approach to safeguarding your digital assets and operations, ashore and aboard. These recommendations can be summarised as the following action steps:
Identify: Define personnel roles and responsibilities for cyber risk management, and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations.
Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber incident and ensure continuity of shipping operations.
Detect: Develop and implement processes and defences necessary to detect a cyber incident in a timely manner.
Respond: Develop and implement activities and plans to provide resilience and restore systems necessary for shipping operations or services halted due to a cyber incident.
Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations that have been impacted by a cyber incident.
Dualog Cybersecurity covers every recommended step – or ticks all the boxes, if you will. The chart below gives a detailed rundown of how five of our services, at different stages, correlate with the stepwise framework necessary to carry out a proper cybersecurity management plan onboard your ships.
Dualog® Cybersecurity: How Dualog services contribute towards the cybersecurity risk management process.
As you can see, Dualog® Protect is our flagship cybersecurity service in this regard, addressing four out of five action steps.
On the one hand, Dualog® Protect enables you to easily create company policies that allow certain services or sites and block others. Deciding and setting policies isn’t done arbitrarily; it’s an integral part of the overall preparedness to understand and tackle external cybersecurity threats to ships.
On the other hand, Dualog® Protect operates at the DNS level, which is crucial for your vessels to be certified or audited as ‘cyber secure’ and thus achieve compliance with IMO 2021. Why? Because all the class societies, from ABS to DNV GL, require you to have a DNS filtering mechanism as part of your cybersecurity management regime.
For instance, DNV GL refers to this as ‘DNS exfiltration’: “No hidden communications channel can be established on the device via DNS exfiltration, DNS servers are configured to disallow resolution of untrusted or external hosts.”
This means that even DNS requests are not considered safe and must be run through a DNS filtering solution – like Dualog® Protect.
With the IMO rules taking effect 1 January 2021, you as an owner risk having ships detained if you cannot demonstrate that your fleet is cyber secure. The only way you can prove you’re cyber secure is by producing an authorised certification.
Dualog can harden your onboard digital security and move you toward cybersecurity certifications. Combined, Dualog’s cybersecurity solutions tick all the boxes on the IMO resolution’s cyber risk management requirements.
Written by Rune Larsen, Service Marketing Manager